← Back to Glossary

Static Application Security Testing

SAST

What is Static Application Security Testing [SAST]?

Static Application Security Testing (SAST) is a technique to identify security vulnerabilities by scanning an application’s static source code. 

Scanning static code means scans are done on code as it is written, i.e., without running the code or application. This method enables code to be reviewed piece by piece early in the development process before applications are completed or launched.

SAST tools can be run each time code is submitted for review or in the CI/CD (continuous integration and continuous deployment) pipeline when new versions of software are pushed live. SAST tools recommend security improvements by identifying vulnerabilities such as unauthorized access risks, cyberattack risks, unsecured pass keys or API tokens, and outdated software packages. 

Related Terms

Code Scanning

Web-based content being re-published by a third-party website.

You may be interested in

Product Updates

Introducing Privado integration with OneTrust
Ben Werner
Product Marketing Manager, Privado

Best Practices

How Privado continuously audits app SDKs and ensures compliance
Ben Werner
Product Marketing Manager, Privado

Best Practices

Privacy code scanning: How to sync privacy compliance with software development
Vaibhav Antil
CEO & Co-founder, Privado
View All Resources

Scale Privacy Programs without the Pain

Try Privado's privacy code scanning solution.

Talk to us
Request A Demo